Adobe announces security breach

Security breach part of "sophisticated attack"

October 4, 2013

Adobe Systems Inc. said 2.9 million customers had their IDs, passwords and credit-card data stolen by hackers who breached the U.S. software company’s security.

The attackers accessed encrypted customer passwords and payment card numbers, the company said.

Hackers also illegally took copies of the source code of some of the company’s widely used products, which are run on personal computers and businesses servers around the world.

Products whose source code was stolen include the Acrobat family of products, the ColdFusion Web application platform, ColdFusion Builder and unspecified other Adobe products, the San Jose, Calif. company said.

“We deeply regret that this incident occurred,” Chief Security officer Brad Arkin said in a blog post. “We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”

“Cyberattacks are one of the unfortunate realities of doing business today,” Arkin said on Thursday. “Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyberattackers.”

Chester Wisniewski, senior adviser at Internet security company Sophos, told the BBC: “Access to the source code could be very serious.

“Billions of computers around the world use Adobe software, so if hackers manage to embed malicious code in official-looking software updates they could potentially take

control of millions of machines.

“This is on the same level as a Microsoft security breach.” he added.

Alex Holden, chief security of Hold Security LLC, said the source-code theft could give hackers access to individual and corporate systems that use Adobe software, raising the specter of new attacks.

“Effectively, this breach may have opened a gateway for a new generation of viruses, malware and exploits, “ he wrote in a blog post.

Adobe said that it is resetting passwords for the customer accounts it believes were compromised, and that those customers will get an email alerting them to the change.

It is also recommending that, as a precaution, customers affected change their passwords and user information for other websites for which they used the same ID.

For those customers whose debit or credit card information is suspected of being accessed, Adobe said it notified banks about the attacks so they can help protect customer accounts.

The company offered those customers a complimentary one-year credit-monitoring membership.

Finally, the company said it had notified law enforcement officials and is working to identify the hackers.